Another data breach has surfaced online targeting Indian citizens shortly after the Air India breach. The recent report comes from Dominos India that admitted a data breach after the hackers disclosed it. Roughly 180 million order details, together with other data, have appeared on the dark web for sale.
Dominos India Data Breach
Reportedly, Dominos India has sent emails to its customers notifying them of a data breach.
As per the details, Jubilant FoodWorks Limited running the Domino’s India franchise suffered a cyber attack on March 24, 2021.
Upon detecting the incident, the firm acted quickly to contain the attack and secure its systems. Also, their email reads that customers’ financial information remained safe as Domino’s India never store such data.
However, what’s worrisome is that the email didn’t clarify if any other information has suffered an impact during the incident. Nor did they elaborate on the incident details.
Moreover, the company also informed the customers months after the breach happened. That’s what the security researcher Rajshekhar Rajaharia has also pointed out in his tweet.
Domino's started alerting it's users. Data breach happened on 24th March 2021. They didn't state in the email what was in the breach. #Infosec #GDPR #dominosdatabreach #DominosDataleakhttps://t.co/BfR4zbKfDF pic.twitter.com/RBaMf6kP19
— Rajshekhar Rajaharia (@rajaharia) May 25, 2021
Nonetheless, the firm has confirmed to continue with investigations whilst involving cybersecurity experts. Also, they assured to have filed complaints with the cybercrime cell.
Data Of 180 Million Put Up For Sale
Domino’s India’s breach alert seemingly downplays the incident that has a far-reached impact on customers.
According to Bleeping Computer, a threat actor already put up a huge database for sale on the dark web back in April 2021. It was a 13TB data which, as claimed, included details of 250 employees, customer details, and precise information related to 180 million orders. This includes customers’ names, addresses, email addresses, phone numbers, GPS locations, and more.
Also, contrary to what Domino’s India claimed in the email, the stolen database included 1 million credit card data.
Besides, the database also includes internal files from 2015 to 2021 along with outlook mail archives.
The sellers have set up a price of 10BTC for this database.
Apart from selling, the same threat actors have set up a public search engine on the dark web for anyone to check for the appearance of personal data in a breach.
Though, anyone attempting to do so should bear in mind that the search engine belongs to the threat actors. Thus, any information entered there, if not impacted earlier, will now surely reach the hackers.
Let us know your thoughts in the comments.